Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-32601

Edit permission should also apply to workflow transitions

    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      By default users can change the status of an issue when they don't have permission to edit it. This is unexpected and generally unwanted behaviour. The recommended change is to add a condition to the transition that checks for Edit permission.

      The problem is that when administrators create workflows from scratch they have to add the condition to every transition. A better choice would be to automatically add the condition, just as five post functions are automatically added.

      A paragraph about this in some release notes saying that the default had changed would save many people much tedium and make the JIRA security model more robust.

            [JRASERVER-32601] Edit permission should also apply to workflow transitions

            Katherine Yabut made changes -
            Workflow Original: JAC Suggestion Workflow [ 3053840 ] New: JAC Suggestion Workflow 3 [ 3683370 ]
            Status Original: RESOLVED [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Workflow Original: Confluence Workflow - Public Facing v4 [ 2617748 ] New: JAC Suggestion Workflow [ 3053840 ]
            Rachel Lin (Inactive) made changes -
            Workflow Original: JIRA PM Feature Request Workflow v2 - TEMP [ 2586911 ] New: Confluence Workflow - Public Facing v4 [ 2617748 ]
            Status Original: Closed [ 6 ] New: Resolved [ 5 ]
            Ignat (Inactive) made changes -
            Workflow Original: JIRA Bug Workflow w Kanban v6 - TEMP [ 2362251 ] New: JIRA PM Feature Request Workflow v2 - TEMP [ 2586911 ]
            Katherine Yabut made changes -
            Workflow Original: JIRA Bug Workflow w Kanban v6 [ 2129915 ] New: JIRA Bug Workflow w Kanban v6 - TEMP [ 2362251 ]
            Katherine Yabut made changes -
            Workflow Original: JIRA Bug Workflow w Kanban v6 - TEMP [ 2093303 ] New: JIRA Bug Workflow w Kanban v6 [ 2129915 ]
            Katherine Yabut made changes -
            Workflow Original: JIRA Bug Workflow w Kanban v6 [ 883709 ] New: JIRA Bug Workflow w Kanban v6 - TEMP [ 2093303 ]
            jonah (Inactive) made changes -
            Description Original: By default users can change the status of an issue when they don't have permission to edit it. This is unexpected and generally unwanted behaviour. The recommended change is to add a condition to the transition that checks for Edit permission.

            The problem is that when administrators create workflows from scratch they have to add the condition to every transition. A better choice would be to automatically add the condition, just as five post functions are automatically added.

            A paragraph about this in some release notes saying that the default had changed would save many people much tedium and make the JIRA security model more robust.
            New: {panel:bgColor=#e7f4fa}
              *NOTE:* This suggestion is for *JIRA Server*. Using *JIRA Cloud*? [See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-32601].
              {panel}

            By default users can change the status of an issue when they don't have permission to edit it. This is unexpected and generally unwanted behaviour. The recommended change is to add a condition to the transition that checks for Edit permission.

            The problem is that when administrators create workflows from scratch they have to add the condition to every transition. A better choice would be to automatically add the condition, just as five post functions are automatically added.

            A paragraph about this in some release notes saying that the default had changed would save many people much tedium and make the JIRA security model more robust.
            jonah (Inactive) made changes -
            Link New: This issue relates to JRACLOUD-32601 [ JRACLOUD-32601 ]
            Confluence Escalation Bot (Inactive) made changes -
            Labels New: affects-cloud affects-server

              Unassigned Unassigned
              73d805a2526b MattS
              Votes:
              9 Vote for this issue
              Watchers:
              11 Start watching this issue

                Created:
                Updated:
                Resolved: